IN THE CLAIMS

1. (Currently Amended) A [illegible] method of monitoring access to a
protected database resource comprising:

identifying an attempt to access the database resource, the access attempt being 

local and directed to an access gateway of the database resource; 

identifying a plurality of access paths to the protected database resource;

intercepting the identified attempt to access the database resource, intercepting
occurring in a prioritized manner with respect to receipt of the access attempt by the
access gateway, intercepting further comprising:

determining an IPC mechanism to be employed by a local client for
accessing the DB resource;

identifying a common access point for the access paths to the protected
resource, access attempts occurring via the identified access point for the
identified access paths;

establishing an IPC intercept from the common access point employed by [illegible]

receiving the access attempt at the local agent via the IPC intercept prior
to receipt of the access attempt by the access gateway; and

transmitting, in a nondestructive manner, the intercepted access attempt
to a local agent, the nondestructive manner operable to preserve the intercepted access
attempt for successive receipt by the access gateway.

2. (Original) The method of claim 1 wherein the access attempt is 
deterministic of a DB instruction, and the local agent is in communication with a data 
security device operable to analyze the propriety of the access attempt from objects and 
data values referenced by the DB instruction. 

3. (Original) The method of claim 1 wherein intercepting in a prioritized 
manner further comprises: 
receiving the access attempt into an interception register prior to receipt
by the access gateway; 

invoking a prioritized request to activate a reading operation of the 
interception register, invoking occurring prior to activation of a read operation of the
access attempt on behalf of the access gateway; and 

reading the access attempt from the interception register, the interception 
register subsequently appearing undisturbed to the access gateway. 

4. (Original) The method of claim 1 further comprising, prior to identifying the 
access attempt, establishing an IPC intercept operable to receive IPC communications 
directed to the access gateway prior to receipt of the IPC communication by the access 
gateway. 

5. (Original) The method of claim 1 wherein identifying the access attempt 
further comprises listening, at a common access point, for an incoming connection to 

the database resource, the common access point adapted to aggregate access 
attempts to the database resource from a plurality of access mediums. 

6. (Original) The method of claim 2 wherein transmitting further comprises 
rerouting the intercepted access attempts to the data security device, the data security 
device operable to offload data security decisions as a consolidated appliance, the 
offloaded data security decisions relieving the host from processing the data security 
decisions. 

7. (Original) The method of claim 1 wherein the local agent performs 
rerouting of local access attempts in a lightweight manner such that the data security 
device is operable to receive local and remote access attempts, wherein security 
coverage of the DB server for network and local access attempts occur via a common 
appliance. 

8. (Original) The method of claim 1 wherein intercepting further comprises:
receiving, from a notification object responsive to an event handler, an 

indication of an IPC communication indicative of a DB access attempt; 

identifying an instruction register in a shared memory area, the instruction 

register having a database instruction corresponding to the access attempt; 

retrieving the DB instruction from the identified instruction register; and 
transmitting the retrieved DB instruction to the data security device. 

Claims 9-10. (Canceled) 

11. (Original) The method of claim 1 further comprising:

establishing an interface wrapper between the access gateway and the local 
client, the interface wrapper operable to identify an IPC mechanism adapted to transport 
communications between the access gateway and the local client; and 

modifying the identified IPC mechanism to inform the local agent of the 
communications between the access gateway and the local client prior to informing the 
access gateway of the communication. 

12. (Original) The method of claim 11 wherein the IPC mechanism is a shared
memory portion including a plurality of instruction registers, the instruction registers 
operable to buffer a DB instruction for receipt by the access gateway. 

13. (Currently Amended) The method of claim 1 wherein the local agent is a 
lightweight agent operable to intercept the access attempt and transmit the intercepted 
DB instruction to a data security device, the local agent [illegible]
substantially insignificant effect on a DB host supporting the DB
server. 

14. (Currently Amended) The method of claim 1 wherein intercepting further
comprises 

blocking the intercepted access attempt from receipt by the access gateway, and
selectively unblocking the access attempt depending on a data security decision
indicative of the propriety of the access attempt.

15. (Original) The method of claim 14 further comprising: 

computing the data security decision at the data security device; and 
transmitting the data security decision to the local agent, the local agent 
operable to permit receipt of the access attempt by the DB server. 

16. (Original) The method of claim 15 wherein the data security decision
further comprises: selectively logging and blocking the access attempt, the data security 
decision including processing selected from the group consisting of firewalls, filters, 
intrusion detectors, alarms, alerts, tunneling and passwords. 

17. (Original) The method of claim 11 wherein establishing the interface
wrapper further comprises: 

identifying an event corresponding to a communication via the IPC 

mechanism; 

identifying a local event object corresponding to the event, the local event 
object having a notification list adapted to include registrants of an occurrence of the 
event; and 

registering the local agent in the notification list, the local agent registered 
before the access gateway to receive notifications prior to receipt of the notification by 
the registered access gateway. 

18. (Currently Amended) An encoded set of processor based instructions on 
a computer readable medium for method of controlling local access to a database 
comprising: 

identifying a local access gateway to the database, the access gateway
being a common access point into the database; 

establishing an interception wrapper between a local client and the access
gateway, [illegible]

the identified IPC operation corresponding to an event, the event derived from a
database (DB) instruction;

instantiating a local event object corresponding to the event, the local
event object having a notification list indicative of notifications of an object to be
[illegible] of the local [illegible]

intercepting, via the interception wrapper, an access attempt from a local 
client prior to receipt of the access attempt by the access gateway, the access attempt 
indicative of a pending DB instruction in an IPC buffer; 

identifying a local event object corresponding to the access attempt; 
indexing a notification list corresponding to the identified local event 

object; 

traversing the indexed notification list, the notification list including entries 
of notifications to be performed upon occurrence of the event; 

reading a traversed entry corresponding to the local agent, the entry 
indicative of the location of the local agent; 

notifying the local agent using the read location of the local agent; 

retrieving, in response to the notification, the DB instruction from the IPC 

buffer; 

transmitting the retrieved DB instruction from the IPC buffer to a data 
security device operable to analyze the propriety of the DB instruction; 

reading a successive traversed entry corresponding to the access gateway, the 
entry indicative of the location of the access gateway; and 

notifying, after the notifying of the local agent, the access gateway of the
IPC event occurrence using the read location of the access gateway. 

19. (Currently Amended) The method of claim 18 wherein establishing the 
interception wrapper further comprises: 

identifying, at least one interprocess communication operation, each of the
identified IPC operation corresponding to an event, the event derived from a database
(DB) instruction;

instantiating a local event object corresponding to the event, the local event
object having a notification list indicative of notifications of an object to be made upon
an occurrence of the event;

storing, in a first position in the notification list, an indication of the local agent,
the first position operable to provide the first notification upon an occurrence of the
event, prior to other notifications in the notification list; and

storing, in a successive position in the notification list, an indication of the access 
gateway, the access gateway operable to employ the IPC event for database 
instructions. 

20. (Original) The method of claim 18 wherein the interception wrapper is 
operable to receive interprocess communication signaling between the local client and 
the access gateway, and intercepting further comprises: 

receiving, by the interception wrapper, a signaling message to the access 

gateway; 

processing the signaling message to identify an DB instruction in the register; 

and 

passing the signaling message in a nondestructive manner to the access 
gateway. 

21. (Currently Amended) A local agent comprising a computer readable
[illegible] based instructions for monitoring
access to a protected database resource comprising:

an interface operable to identify an attempt to access the database resource, the 
access attempt being local and directed to an access gateway of the database 
resource, the access attempt being deterministic of a DB instruction, the local agent 
being in communication with a data security device operable to analyze the propriety of
the access attempt from objects and data values referenced by the DB instruction;

an IPC intercept operable to intercept the identified attempt to access the 
database resource, intercepting occurring in a prioritized manner with respect to receipt 
of the access attempt by the access gateway, the local agent further operable to 
transmit, in a nondestructive manner, the intercepted access attempt to a data security 
device local agent, the nondestructive manner operable to preserve the intercepted
access attempt for successive receipt by the access gateway, the local agent further
[illegible] the intercepted access attempts to the data security device, the data
security device [illegible]

security decisions.

22. (Canceled) 

23. (Original) The agent of claim 21 wherein the local agent is operable to 
intercept in a prioritized manner, and further operable to: 

receive the access attempt into an interception register prior to receipt by 
the access gateway; 

invoke a prioritized request to activate a reading operation of the 
interception register, invoking occurring prior to activation of a read operation of the 
access attempt on behalf of the access gateway; and 

read the access attempt from the interception register, the interception 
register subsequently appearing undisturbed to the access gateway. 

24. (Original) The agent of claim 21 wherein the local agent is operable to,

prior to identifying the access attempt, establish the IPC intercept operable to receive an 
IPC communication directed to the access gateway prior to receipt of the IPC
communication by the access gateway. 

25. (Original) The agent of claim 21 wherein the local agent is further operable 
to listen, at a common access point, for an incoming connection to the database 
resource, the common access point adapted to aggregate access attempts to the 
database resource from a plurality of access mediums. 

26. (Canceled) 

27. (Currently Amended) The agent method of claim 21 wherein the local
agent is operable to reroute local access attempts in a lightweight manner such that the 
data security device is operable to receive local and remote access attempts, wherein 
security coverage of the DB server for network and local access attempts occur via a 

common appliance. 

28. (Original) The agent of claim 21 wherein the local agent is further operable 

to: 

receive, from a notification object responsive to an event handler, an 
indication of an IPC communication indicative of a DB access attempt; 

identify an instruction register in a shared memory area, the instruction 
register having a database instruction corresponding to the access attempt; 

retrieve the DB instruction from the identified instruction register; and 

transmit the retrieved DB instruction to the data security device. 

29. (Original) The agent of claim 21 wherein the local agent is further operable

to: 

determine an IPC mechanism to be employed by a local client for 
accessing the DB resource; 

establish an IPC intercept from a common access point employed by 
database clients for accessing the DB resource; and 

receive the access attempt at the local agent via the IPC intercept prior to 
receipt of the access attempt by the access gateway. 

30. (Original) The agent of claim 29 wherein the local agent is further operable 

to: 

identify a plurality of access paths to a protected resource; 

identify a common access point for the access paths to the protected resource, 
access attempts occurring exclusively via the identified access point for the identified 
access paths. 

31 . (Original) The agent of claim 21 wherein the local agent is further operable 

to: 

establish an interface wrapper between the access gateway and the local client, 
the interface wrapper operable to identify an IPC mechanism adapted to transport 
communications between the access gateway and the local client; and 

modify the identified IPC mechanism to inform the local agent of the 
communications between the access gateway and the local client prior to informing the 
access gateway of the communication. 

32. (Original) The agent of claim 31 wherein the IPC mechanism is a shared 
memory portion including a plurality of instruction registers, the instruction registers 
operable to buffer a DB instruction for receipt by the access gateway. 

33. (Currently Amended) The agent of claim 21 wherein the local agent is a

lightweight agent operable to intercept the access attempt and transmit the intercepted 
DB instruction to a data security device, the local agent [illegible]
having a substantially insignificant effect on a DB host supporting the DB

server. 

34. (Currently Amended) The agent of claim 21 wherein the local agent is 
further operable to: 

block the intercepted access attempt from receipt by the access gateway, and 
selectively unblock the access attempt depending on a data security decision indicative 

of the propriety of the access attempt. 

35. (Original) The agent of claim 34 wherein the local agent is responsive to 
the data security device for: 

computing the data security decision at the data security device; and 

transmitting the data security decision to the local agent, the local agent 
operable to permit receipt of the access attempt by the DB server. 

36. (Original) The agent of claim 35 wherein the data security device is 
operable to selectively log and block the access attempt, the data security decision 
including processing selected from the group consisting of firewalls, filters, intrusion 
detectors, alarms, alerts, tunneling and passwords. 

37. (Original) The agent of claim 24 wherein the local agent is further operable 

to: 

identify an event corresponding to the communication via an IPC 

mechanism; 

identify a local event object corresponding to the event, the local event 
object having a notification list adapted to include registrants of an occurrence of the
event; and 

register the local agent in the notification list, the local agent registered
before the access gateway to receive notifications prior to receipt of the notification by 
the registered access gateway. 

38. (Currently Amended) A data security device for monitoring access to a 
protected database resource comprising: 

a memory comprising a computer readable medium operable to store an
encoded set of processor based instructions;

a processor operable to execute instructions in the memory; 
an interface operable for interconnection with a database host, the data security 
device in communication with a local agent on the database host, the local agent 
operable to: 

identify an attempt to access the database resource, the access attempt being 
local and directed to an access gateway of the database resource; 

intercept the identified attempt to access the database resource, 

intercepting occurring in a prioritized manner with respect to receipt of the access 
attempt by the access gateway [illegible]

derived from a database (DB) instruction;

instantiating a local event object corresponding to the event, the
local event object having a notification list indicative of notifications of an
object to be [illegible]
local agent [illegible]; and

transmit, in a nondestructive manner, the intercepted access attempt to a 
local agent, the nondestructive manner operable to preserve the intercepted access 
attempt for successive receipt by the access gateway. 

39. (Currently Amended) A computer program product having a computer
readable medium operable to store computer program logic embodied in computer 
program code encoded [illegible] thereon for monitoring
access to a protected database resource comprising: 

computer program code for identifying an attempt to access the database 
resource, the access attempt being local and directed to an access gateway of the 
database resource; 

computer program code for intercepting the identified attempt to access the 
database resource, intercepting occurring in a prioritized manner with respect to receipt 
of the access attempt by the access gateway [illegible]
further comprising:

computer program code [illegible]
employed by a local client for accessing the DB resource;

computer program code for identifying a common access point for the
access paths to the protected resource, access attempts occurring via the
[illegible] from the
common access point employed by database clients for accessing the DB
resource; and

receiving the access attempt at the local agent via the IPC intercept prior
to receipt of the access attempt by the access gateway; and

computer program code for transmitting, in a nondestructive manner, the 
intercepted access attempt to a local agent, the nondestructive manner operable to 
preserve the intercepted access attempt for successive receipt by the access gateway. 

40. (Currently Amended) A computer data signal having program code 
encoded on a computer readable medium for monitoring access to a protected 
database resource comprising: 

program code for identifying, by a local agent, an attempt to access the database
resource, the access attempt being local and directed to an access gateway of the 
database resource [illegible]



program code for intercepting the identified attempt to access the database 
resource, intercepting occurring in a prioritized manner with respect to receipt of the 
access attempt by the access gateway; and 

program code for transmitting, in a nondestructive manner, the intercepted 

access attempt to a [illegible] local agent, the nondestructive manner
operable to preserve the intercepted access attempt for successive receipt by the
access gateway [illegible]
attempts to the data security device, the data security device operable to offload data
security decisions as a consolidated appliance, the offloaded data security decisions
relieving the host from processing the data security decisions.



41. (Currently Amended) A security filter device [illegible]
readable medium [illegible] for
behavior based access tracking of a software application comprising:

means for identifying, by a local agent, an attempt to access the database
resource, the access attempt being local and directed to an access gateway of the
database resource, the access attempt being deterministic of a DB instruction, the local
agent being in communication with a data security device operable to analyze the
propriety of the access attempt from objects and data values referenced by the DB

means for intercepting the identified attempt to access the database resource, 
intercepting occurring in a prioritized manner with respect to receipt of the access 
attempt by the access gateway, intercepting further comprising:

determining an IPC mechanism to be employed by a local client for
accessing the DB resource;

identifying a common access point for the access paths to the protected
[illegible] access point employed by [illegible]

receiving the access attempt at the local agent via the IPC intercept prior to
receipt of the access attempt by the access gateway; and

means for transmitting, in a nondestructive manner, the intercepted 
access attempt to a [illegible] local agent, the nondestructive manner
operable to preserve the intercepted access attempt for successive receipt by the
access gateway [illegible]
attempts to the data security device, the data security device operable to offload data
security decisions as a consolidated appliance, the offloaded data security decisions
relieving the host from processing the data security decisions.

42. (New) An encoded set of processor based instructions operable to perform a
method of monitoring access to a protected database resource comprising: 

identifying an attempt to access the database resource, the access attempt being 
local and directed to an access gateway of the database resource, identifying the 
access attempt further comprising listening, at a common access point, for an incoming 
connection to the database resource, the common access point adapted to aggregate 
access attempts to the database resource from a plurality of access mediums; 

intercepting the identified attempt to access the database resource, intercepting 
occurring in a prioritized manner with respect to receipt of the access attempt by the 
access gateway, intercepting further comprising: 

determining an IPC mechanism to be employed by a local client for 

accessing the DB resource; 

identifying a common access point for the access paths to the protected 

resource, access attempts occurring via the identified access point for the 

identified access paths, the access attempt being deterministic of a DB 
instruction, and the local agent is in communication with a data security device
operable to analyze the propriety of the access attempt from objects and data 
values referenced by the DB instruction; 

establishing an IPC intercept from the common access point employed by 
database clients for accessing the DB resource; and 

intercepting the access attempt at the local agent via the IPC intercept 
prior to receipt of the access attempt by the access gateway; and 
receiving, in a nondestructive manner, the intercepted access attempt by a local 
agent, the nondestructive manner operable to preserve the intercepted access attempt 
for successive receipt by the access gateway, transmitting further comprising rerouting 
the intercepted access attempts to the data security device, the data security device 
operable to offload data security decisions as a consolidated appliance, the offloaded 
data security decisions relieving the host from processing the data security decisions. 

43. (New) The method of claim 42 wherein intercepting the access attempt further 
comprises: 

identifying, at least one interprocess communication operation, each of the 
identified IPC operation corresponding to an event, the event derived from a database 
(DB) instruction; 

instantiating a local event object corresponding to the event, the local event 
object having a notification list indicative of notifications of an object to be made upon 
an occurrence of the event; and 

storing, in a first position in the notification list, an indication of the local agent, 
the first position operable to provide the first notification upon an occurrence of the 
event, prior to other notifications in the notification list; and 

storing, in a successive position in the notification list, an indication of the access 
gateway, the access gateway operable to employ the IPC event for database 
instructions. 
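
The following is an added illustration, not part of the filing and not the applicant's code: a small Python model of the ordered notification list recited in claims 17, 19 and 43, combined with the nondestructive read of claim 1 and the block/unblock decision of claim 14. Every class, function and sample instruction is a hypothetical name constructed for this sketch, and the table-name rule in the security device is a placeholder for real analysis of objects and data values.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Constructed sample DB instructions a local client might place in the IPC buffer.
SAMPLE_INSTRUCTIONS = ["SELECT name FROM staff", "SELECT * FROM payroll"]


@dataclass
class IpcBuffer:
    """Stands in for a shared-memory instruction register."""
    instruction: Optional[str] = None

    def peek(self) -> Optional[str]:
        # Nondestructive read: the register is left exactly as the client wrote it.
        return self.instruction


@dataclass
class SecurityDevice:
    """Stands in for the external data security device (placeholder rule)."""
    protected_tables: Tuple[str, ...] = ("payroll",)
    log: List[Tuple[str, str]] = field(default_factory=list)

    def decide(self, instruction: str) -> bool:
        allowed = not any(t in instruction.lower() for t in self.protected_tables)
        self.log.append((instruction, "allow" if allowed else "block"))
        return allowed


class LocalEvent:
    """Local event object whose notification list is walked in stored order."""

    def __init__(self) -> None:
        self._notify: List[Callable[[IpcBuffer], bool]] = []

    def register_first(self, callback: Callable[[IpcBuffer], bool]) -> None:
        self._notify.insert(0, callback)   # first position in the list

    def register(self, callback: Callable[[IpcBuffer], bool]) -> None:
        self._notify.append(callback)      # successive position

    def signal(self, buf: IpcBuffer) -> None:
        for callback in self._notify:
            # A registrant returning False blocks delivery to later registrants.
            if callback(buf) is False:
                break


class Gateway:
    """Stands in for the access gateway: records what it would execute."""

    def __init__(self) -> None:
        self.executed: List[Optional[str]] = []

    def on_event(self, buf: IpcBuffer) -> bool:
        self.executed.append(buf.peek())
        return True


class LocalAgent:
    """Lightweight agent: forwards the instruction and relays the decision."""

    def __init__(self, device: SecurityDevice) -> None:
        self.device = device

    def on_event(self, buf: IpcBuffer) -> bool:
        return self.device.decide(buf.peek() or "")


def run(agent_first: bool):
    """Deliver the sample instructions; return (device log, gateway executions)."""
    device, gateway, event = SecurityDevice(), Gateway(), LocalEvent()
    agent = LocalAgent(device)
    event.register(gateway.on_event)
    if agent_first:
        event.register_first(agent.on_event)   # ordering the claims recite
    else:
        event.register(agent.on_event)         # misordered: agent sees it too late
    for sql in SAMPLE_INSTRUCTIONS:
        buf = IpcBuffer(sql)
        event.signal(buf)
        if buf.peek() != sql:                  # register must appear undisturbed
            raise RuntimeError("intercept disturbed the IPC buffer")
    return device.log, gateway.executed
```

With the agent in the first position the blocked instruction never reaches the gateway; with the agent registered after the gateway, the same decision is logged but the instruction has already been delivered.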



